From owner-freebsd-current@FreeBSD.ORG Sat Sep 21 03:14:42 2013 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 221E6CFE; Sat, 21 Sep 2013 03:14:42 +0000 (UTC) (envelope-from agh@fastmail.fm) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id E568422E7; Sat, 21 Sep 2013 03:14:41 +0000 (UTC) Received: from compute5.internal (compute5.nyi.mail.srv.osa [10.202.2.45]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id A195121B6D; Fri, 20 Sep 2013 23:14:38 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Fri, 20 Sep 2013 23:14:38 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.fm; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=92bo/pHRQmBgVP/AnLDRsFUu bao=; b=deRurn3ySpJGClBW2GyHgoehcFClR7hW+QKnTSJnVvFo9QMPG3IsDyuL wwo9bzbrswg15bJ0B0P3wIfv7o65sRtIGMuOQx5okCMbliaJX0jUxvJTHEdotyYt dmRBlBot0Ya/fIMxWHeitk6F4mE02Bg97RVYzyimRaxDUW8LmWo= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:to:cc:subject:message-id :references:mime-version:content-type:in-reply-to; s=smtpout; bh=92bo/pHRQmBgVP/AnLDRsFUubao=; b=Rq2+IymmNa8BuvnEbEBQ5l1S5txp dE2jh53HLY97AKsxUmgv0dzLfWiEMn7uUqfCBbfvlw9LTrn4LpMjZo9CzAr8Fywq FqWT7s2C5OS5SjjJmXEJPGVTUD8e6qBrWWrF65j9+mJDOnGmVJzTKXTNoCGsGP2m jdQHXdauYkFtQ7M= X-Sasl-enc: lYS5JppDtkkg3GwXppU5YGG1Q9xDQMxIO0dAZPXMO4gx 1379733274 Received: from direwolf.aux.io (unknown [203.59.221.16]) by mail.messagingengine.com (Postfix) with ESMTPA id 9E0E9680198; Fri, 20 Sep 2013 23:14:33 -0400 (EDT) Date: Sat, 21 Sep 2013 11:14:29 +0800 From: Alastair Hogge To: Joel Dahl Subject: Re: sysctl: unknown oid 'kern.random.sys.harvest.interrupt Message-ID: <20130921031424.GA3069@direwolf.aux.io> References: <20130916172139.GA1297@devbox.vnode.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130916172139.GA1297@devbox.vnode.local> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Sep 2013 03:14:42 -0000 On 2013-09-16 Mon 19:21:39 +0200, Joel Dahl wrote: > Hi, Hi, > I noticed the following during boot on a machine running HEAD from today: I have noticed this since the recent work to /sys/dev/random > Entropy harvesting:sysctl: unknown oid 'kern.random.sys.harvest.interrupt': No such file or directory > interruptssysctl: unknown oid 'kern.random.sys.harvest.ethernet': No such file or directory > ethernetsysctl: unknown oid 'kern.random.sys.harvest.point_to_point': No such file or directory > point_to_point kickstart. > > Known problem? I currently have a Supermicro X10SLM-F with an Intel Xeon E3-1240V3 that will often panic when booting into multi-user mode. Booting into single user mode to restore the filesystem will sometimes allow the host to continue to multi-user mode, tho there is still often a panic from this point. I have the system configured with gmirror which has the following GPT configuration: freebsd-boot unencrypted /bootdir encrypted swap encrypted / /boot is a soft link to the unencrypted /bootdir, inspired by: http://cgarcia.org/posts/FreeBSD-FDE-Install.html The system is an AMD64 @ 10.0-ALPHA2 r255729. I can only access single user mode via a Java IMPI console; there might be typos: GEOM_ELI: Crypto hardware Enter passphrase for mirror/gm0p5: GEOM_ELI: Device mirror/gm0p5.eli created. GEOM_ELI: Encryption: AES-XTS 128 GEOM_ELI: Crypto: hardware Trying to mount root from ufs:mirror/gm0p5.eli []... ffclock reset: TSC-low (1700035662 Hz), time = 1379730296.50000000 Setting hostuuid: 00000000-0000-0000-0000-002590d6a9dd. Setting hostid: 0x9e7aaf2b Entropy harvesting: interrupts ethernet point_to_point Fatal trap 12: page fault while in kernel mode cpuid = 6; apic id = 06 fault virtual address = 0xffffffff00000010 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff804c0250 stack pointer = 0x28:0xfffffe046731c600 frame pointer = 0x28:0xfffffe046731c670 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 68 (sysctl) [ thread pid 68 tid 100102 ] Stopped at sysctl_sysctl_net_ls+0x80: movl 0x10(%r12),%eax db> bt Tracing pid 68 tid 100102 td 0xfffff8000b5f9000 sysctl_sysctl_next_ls() at sysctl_sysctl_next_ls+0x80/frame 0xfffffe046731c670 sysctl_sysctl_next_ls() at sysctl_sysctl_next_ls+0x155/frame 0xfffffe046731c6e0 sysctl_sysctl_next_ls() at sysctl_sysctl_next_ls+0x191/frame 0xfffffe046731c750 sysctl_sysctl_next() at sysctl_sysctl_next_ls+0x5e/frame 0xffffe046731x800 sysctl_root() at sysctl_root+0x1e4/frame 0xffffe046731c850 userland_sysctl() at userland_sysctl+0x192/frame 0xfffffe046731c8f0 sys___sysctl() at sys___sysctl+0x74/frame 0xfffffe046731c9a0 amd64_syscall() at amd64_syscall+0x239/frame 0xfffffe046731cab0 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe046731cab0 --- syscall (202, FreeBSD ELF64, sys___sysctl), rip = 0x80095553a, rsp = 0x7fffffffd768, rbp = 0x7fffffffd7a0 --- db> $ cat /etc/make.conf WITH_PKGNG=YES PERL_VERSION=5.16.3 MAKE_JOBS_NUMBER=9 NO_PROFILE=true CPUTYPE?=corei7-avx PERL_VERSION=5.16.3 $ cat /etc/src.conf ALWAYS_CHECK_MAKE=YES MALLOC_PRODUCTION=YES CC=clang CXX=clang++ CPP=clang-cpp # See man 5 src.conf WITH_BSDCONFIG=YES WITH_BSD_GREP=YES WITH_CLANG_EXTRAS=YES WITH_CLANG_FULL=YES #WITH_DEBUG_FILES=YES WITH_ICONV=YES WITH_LLDB=YES WITH_LIBCPLUSPLUS=YES WITH_NMTREE=YES WITH_SVNLITE=YES WITHOUT_BIND=YES WITHOUT_BIND_IDN=YES WITHOUT_BIND_LARGE_FILE=YES WITHOUT_BIND_SIGCHASE=YES WITHOUT_CTM=YES WITHOUT_CVS=YES WITHOUT_FLOPPY=YES WITHOUT_IPFILTER=YES WITHOUT_IPFW=YES WITHOUT_IPX=YES #WITHOUT_KERBEROS=YES #WITHOUT_KERBEROS_SUPPORT=YES WITHOUT_LPR=YES WITHOUT_NCP=YES #WITHOUT_NIS=YES WITHOUT_RCMDS=YES WITHOUT_SENDMAIL=YES WITHOUT_ZFS=YES $ cat /boot/loader.conf vfs.root.mountfrom="ufs:mirror/gm0p5.eli" loader_logo="beastie" kernel="kernel.DEBUG" kern.cam.ada.legacy_aliases=0 kern.cam.cd.retry_count=0 hw.ivy_rng_enable=0 # does not make any diff. to panic hw.usb.no_boot_wait=1 hw.pci.do_power_nodriver=3 $ cat /etc/rc.conf # Networking hostname="example.org" ifconfig_igb0="inet 10.0.0.2 netmask 255.255.255.0" defaultrouter="10.0.0.1" nsd_enable="NO" unbound_enable="YES" sshd_enable="YES" ftpd_enable="NO" ntpd_sync_on_start="YES" ntpd_enable="YES" nginx_enable="NO" opendnssec_enable="NO" sshguard_watch_logs="/var/log/auth.log" sshguard_enable="YES" # Firewall pflog_logfile="/var/log/pflog" pflog_enable="YES" pf_rules="/etc/pf.conf" pf_enable="YES" # Filesystem background_fsck="NO" dumpdev="AUTO" # Maintenance clear_tmp_enable="YES" clearvar_enalble="YES" populate_var="YES" # Mail sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" smtpd_flags="-v" smtpd_enable="NO" obspamd_flags="-h smtp.example.org -n spamd -v" obspamd_enable="YES" obspamlogd_enable="YES" # Misc bsdstats_enable="YES" $ cat /sys/amd64/cond/EXAMPLE_DEBUG cpu HAMMER ident EXAMPLE_DEBUG options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols options TCP_OFFLOAD # TCP offload options SCTP # Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options UFS_GJOURNAL # Enable gjournal-based UFS journaling options QUOTA # Enable disk quotas for UFS options MD_ROOT # MD is a potential root device options NFSCL # New Network Filesystem Client options NFSD # New Network Filesystem Server options NFSLOCKD # Network Lock Manager nooptions NFS_ROOT # NFS usable as /, requires NFSCL options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_ELI options GEOM_PART_GPT # GUID Partition Tables. nooptions GEOM_RAID # Soft RAID functionality. options GEOM_LABEL # Provides labelization options GEOM_MIRROR options COMPAT_FREEBSD32 # Compatible with i386 binaries nooptions COMPAT_FREEBSD4 # Compatible with FreeBSD4 nooptions COMPAT_FREEBSD5 # Compatible with FreeBSD5 nooptions COMPAT_FREEBSD6 # Compatible with FreeBSD6 options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing options CAPABILITY_MODE # Capsicum capability mode options CAPABILITIES # Capsicum capabilities options PROCDESC # Support for process descriptors options MAC # TrustedBSD MAC Framework nooptions KDTRACE_FRAME # Ensure frames are compiled in nooptions KDTRACE_HOOKS # Kernel DTrace hooks options INCLUDE_CONFIG_FILE # Include this file in kernel nooptions KDB # Kernel debugger related code nooptions KDB_TRACE # Print a stack trace for a panic nooptions DDB_CTF # kernel ELF linker loads CTF data # Make an SMP-capable kernel by default options SMP # Symmetric MultiProcessor Kernel # CPU frequency control device cpufreq # Bus support. device acpi device pci # Floppy drives device fdc # ATA controllers device ahci # AHCI-compatible SATA controllers nodevice ata # Legacy ATA/SATA controllers nooptions ATA_CAM # Handle legacy controllers with CAM nooptions ATA_STATIC_ID # Static device numbering nodevice mvs # Marvell 88SX50XX/88SX60XX/88SX70XX/SoC SATA nodevice siis # SiliconImage SiI3124/SiI3132/SiI3531 SATA # SCSI Controllers nodevice ahc # AHA2940 and onboard AIC7xxx devices nooptions AHC_REG_PRETTY_PRINT # Print register bitfields in debug # output. Adds ~128k to driver. nodevice ahd # AHA39320/29320 and onboard AIC79xx devices nooptions AHD_REG_PRETTY_PRINT # Print register bitfields in debug # output. Adds ~215k to driver. nodevice esp # AMD Am53C974 (Tekram DC-390(T)) nodevice hptiop # Highpoint RocketRaid 3xxx series nodevice isp # Qlogic family #device ispfw # Firmware for QLogic HBAs- normally a module nodevice mpt # LSI-Logic MPT-Fusion nodevice mps # LSI-Logic MPT-Fusion 2 #device ncr # NCR/Symbios Logic nodevice sym # NCR/Symbios Logic (newer chipsets + those of `ncr') nodevice trm # Tekram DC395U/UW/F DC315U adapters nodevice adv # Advansys SCSI adapters nodevice adw # Advansys wide SCSI adapters nodevice aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60. nodevice bt # Buslogic/Mylex MultiMaster SCSI adapters nodevice isci # Intel C600 SAS controller # ATA/SCSI peripherals device scbus # SCSI bus (required for ATA/SCSI) device ch # SCSI media changers device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass # Passthrough device (direct ATA/SCSI access) device ses # Enclosure Services (SES and SAF-TE) #device ctl # CAM Target Layer # RAID controllers interfaced to the SCSI subsystem nodevice amr # AMI MegaRAID nodevice arcmsr # Areca SATA II RAID #XXX it is not 64-bit clean, -scottl #device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID nodevice ciss # Compaq Smart RAID 5* nodevice dpt # DPT Smartcache III, IV - See NOTES for options nodevice hptmv # Highpoint RocketRAID 182x nodevice hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx nodevice iir # Intel Integrated RAID nodevice ips # IBM (Adaptec) ServeRAID nodevice mly # Mylex AcceleRAID/eXtremeRAID nodevice twa # 3ware 9000 series PATA/SATA RAID nodevice tws # LSI 3ware 9750 SATA+SAS 6Gb/s RAID controller # RAID controllers nodevice aac # Adaptec FSA RAID nodevice aacp # SCSI passthrough for aac (requires CAM) nodevice ida # Compaq Smart RAID nodevice mfi # LSI MegaRAID SAS nodevice mlx # Mylex DAC960 family #XXX pointer/int warnings #device pst # Promise Supertrak SX6000 nodevice twe # 3ware ATA RAID # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc # AT keyboard controller device atkbd # AT keyboard device psm # PS/2 mouse device kbdmux # keyboard multiplexer device vga # VGA video card driver nooptions VESA # Add support for VESA BIOS Extensions (VBE) device splash # Splash screen and screen saver support # syscons is the default console driver, resembling an SCO console device sc options SC_PIXEL_MODE # add support for the raster text mode nodevice agp # support several AGP chipsets # PCCARD (PCMCIA) support # PCMCIA and cardbus bridge support nodevice cbb # cardbus (yenta) bridge nodevice pccard # PC Card (16-bit) bus nodevice cardbus # CardBus (32-bit) bus # Serial (COM) ports device uart # Generic UART driver # Parallel port nodevice ppc nodevice ppbus # Parallel port bus (required) nodevice lpt # Printer nodevice plip # TCP/IP over parallel nodevice ppi # Parallel port interface device #device vpo # Requires scbus and da device puc # Multi I/O cards and multi-channel UARTs # PCI Ethernet NICs. nodevice bxe # Broadcom BCM57710/BCM57711/BCM57711E 10Gb Ethernet nodevice de # DEC/Intel DC21x4x (``Tulip'') nodevice em # Intel PRO/1000 Gigabit Ethernet Family device igb # Intel PRO/1000 PCIE Server Gigabit Family nodevice ixgbe # Intel PRO/10GbE PCIE Ethernet Family nodevice le # AMD Am7900 LANCE and Am79C9xx PCnet nodevice ti # Alteon Networks Tigon I/II gigabit Ethernet nodevice txp # 3Com 3cR990 (``Typhoon'') nodevice vx # 3Com 3c590, 3c595 (``Vortex'') # PCI Ethernet NICs that use the common MII bus controller code. # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! nodevice miibus # MII bus support nodevice ae # Attansic/Atheros L2 FastEthernet nodevice age # Attansic/Atheros L1 Gigabit Ethernet nodevice alc # Atheros AR8131/AR8132 Ethernet nodevice ale # Atheros AR8121/AR8113/AR8114 Ethernet nodevice bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet nodevice bfe # Broadcom BCM440x 10/100 Ethernet nodevice bge # Broadcom BCM570xx Gigabit Ethernet nodevice cas # Sun Cassini/Cassini+ and NS DP83065 Saturn nodevice dc # DEC/Intel 21143 and various workalikes nodevice et # Agere ET1310 10/100/Gigabit Ethernet nodevice fxp # Intel EtherExpress PRO/100B (82557, 82558) nodevice gem # Sun GEM/Sun ERI/Apple GMAC nodevice hme # Sun HME (Happy Meal Ethernet) nodevice jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet nodevice lge # Level 1 LXT1001 gigabit Ethernet nodevice msk # Marvell/SysKonnect Yukon II Gigabit Ethernet nodevice nfe # nVidia nForce MCP on-board Ethernet nodevice nge # NatSemi DP83820 gigabit Ethernet #device nve # nVidia nForce MCP on-board Ethernet Networking nodevice pcn # AMD Am79C97x PCI 10/100 (precedence over 'le') nodevice re # RealTek 8139C+/8169/8169S/8110S nodevice rl # RealTek 8129/8139 nodevice sf # Adaptec AIC-6915 (``Starfire'') nodevice sge # Silicon Integrated Systems SiS190/191 nodevice sis # Silicon Integrated Systems SiS 900/SiS 7016 nodevice sk # SysKonnect SK-984x & SK-982x gigabit Ethernet nodevice ste # Sundance ST201 (D-Link DFE-550TX) nodevice stge # Sundance/Tamarack TC9021 gigabit Ethernet nodevice tl # Texas Instruments ThunderLAN nodevice tx # SMC EtherPower II (83c170 ``EPIC'') nodevice vge # VIA VT612x gigabit Ethernet nodevice vr # VIA Rhine, Rhine II nodevice wb # Winbond W89C840F nodevice xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') # ISA Ethernet NICs. pccard NICs included. nodevice cs # Crystal Semiconductor CS89x0 NIC # 'device ed' requires 'device miibus' nodevice ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards nodevice ex # Intel EtherExpress Pro/10 and Pro/10+ nodevice ep # Etherlink III based cards nodevice fe # Fujitsu MB8696x based cards nodevice sn # SMC's 9000 series of Ethernet chips nodevice xe # Xircom pccard Ethernet # Wireless NIC cards nodevice wlan # 802.11 support nooptions IEEE80211_DEBUG # enable debug msgs nooptions IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's nooptions IEEE80211_SUPPORT_MESH # enable 802.11s draft support nodevice wlan_wep # 802.11 WEP support nodevice wlan_ccmp # 802.11 CCMP support nodevice wlan_tkip # 802.11 TKIP support nodevice wlan_amrr # AMRR transmit rate control algorithm nodevice an # Aironet 4500/4800 802.11 wireless NICs. nodevice ath # Atheros NIC's nodevice ath_pci # Atheros pci/cardbus glue nodevice ath_hal # pci/cardbus chip support nooptions AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors nodevice ath_rate_sample # SampleRate tx rate control for ath #device bwi # Broadcom BCM430x/BCM431x wireless NICs. #device bwn # Broadcom BCM43xx wireless NICs. nodevice ipw # Intel 2100 wireless NICs. nodevice iwi # Intel 2200BG/2225BG/2915ABG wireless NICs. nodevice iwn # Intel 4965/1000/5000/6000 wireless NICs. nodevice malo # Marvell Libertas wireless NICs. nodevice mwl # Marvell 88W8363 802.11n wireless NICs. nodevice ral # Ralink Technology RT2500 wireless NICs. nodevice wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. nodevice wpi # Intel 3945ABG wireless NICs. # Pseudo devices. device loop # Network loopback device random # Entropy device device padlock_rng # VIA Padlock RNG device rdrand_rng # Intel Bull Mountain RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. device md # Memory "disks" device gif # IPv6 and IPv4 tunneling device faith # IPv6-to-IPv4 relaying (translation) device firmware # firmware assist module # The `bpf' device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! # Note that 'bpf' is required for DHCP. device bpf # Berkeley packet filter # USB support options USB_DEBUG # enable debug msgs device uhci # UHCI PCI->USB interface nodevice ohci # OHCI PCI->USB interface device ehci # EHCI PCI->USB interface (USB 2.0) nodevice xhci # XHCI PCI->USB interface (USB 3.0) device usb # USB Bus (required) device ukbd # Keyboard device umass # Disks/Mass storage - Requires scbus and da # Sound support nodevice sound # Generic sound driver (required) nodevice snd_cmi # CMedia CMI8338/CMI8738 nodevice snd_csa # Crystal Semiconductor CS461x/428x nodevice snd_emu10kx # Creative SoundBlaster Live! and Audigy nodevice snd_es137x # Ensoniq AudioPCI ES137x nodevice snd_hda # Intel High Definition Audio nodevice snd_ich # Intel, NVidia and other ICH AC'97 Audio nodevice snd_uaudio # USB Audio nodevice snd_via8233 # VIA VT8233x Audio # UTF-8 console options TEKEN_UTF8 ##################################################################### # crypto subsystem # # This is a port of the OpenBSD crypto framework. Include this when # configuring IPSEC and when you have a h/w crypto device to accelerate # user applications that link to OpenSSL. # # Drivers are ports from OpenBSD with some simple enhancements that have # been fed back to OpenBSD. device crypto # core crypto support device cryptodev # /dev/crypto for access to h/w device aesni # The pf packet filter consists of three devices: # The `pf' device provides /dev/pf and the firewall code itself. # The `pflog' device provides the pflog0 interface which logs packets. # The `pfsync' device provides the pfsync0 interface used for # synchronization of firewall state tables (over the net). device pf device pflog device pfsync # altq(9). Enable the base part of the hooks with the ALTQ option. # Individual disciplines must be built into the base system and can not be # loaded as modules at this point. ALTQ requires a stable TSC so if yours is # broken or changes with CPU throttling then you must also have the ALTQ_NOPCC # option. options ALTQ options ALTQ_CBQ # Class Based Queueing options ALTQ_RED # Random Early Detection options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required if the TSC is unusable # Use real implementations of the aio_* system calls. There are numerous # stability and security issues in the current aio code that make it # unsuitable for inclusion on machines with untrusted local users. nooptions VFS_AIO # Netmap device netmap # CPU temp nodevice amdtemp device coretemp # Enable support for generic feed-forward clocks in the kernel. # The feed-forward clock support is an alternative to the feedback oriented # ntpd/system clock approach, and is to be used with a feed-forward # synchronization algorithm such as the RADclock: # More info here: http://www.synclab.org/radclock options FFCLOCK # VirtIO support device virtio # Generic VirtIO bus (required) device virtio_pci # VirtIO PCI device device vtnet # VirtIO Ethernet device device virtio_blk # VirtIO Block device device virtio_scsi # VirtIO SCSI device device virtio_balloon # VirtIO Memory Balloon device options TMPFS #Efficient memory filesystem nooptions UDF #Universal Disk Format device hwpmc # Hardware Performance Monitoring Counter support